Computer hacking, malware, worms, and other computer-related mischief undertaken or caused by people with either benign or malicious intent are of grave concern to businesses, particularly those that rely on expansive computer networks. Indeed, a breach of an organization's network, including even a single computer on that network, may result in direct and indirect financial loss, the latter including losses associated with legal fees, fines, etc. In certain cases, such as when the computer controls industrial processes, the harm caused by malicious code may be physical. In other cases, where physical harm is remote, emotional and/or financial harm may come to the user through the loss of critical data and/or the disclosure of private data to a third party.
Malware, computer viruses, and the like are often propagated via one or more computer files. Typically, computer users obtain computer program files in the form of binary code, e.g., compiled source code. Unless the computer user is a programmer himself, it is rare that the source code of a given program is available to determine whether the code is malicious in nature.
One way to analyze binary code (or executable code) is to launch the executable code in a “sandbox,” that is, essentially, an instance of an operating system that is executed for the sole purpose of running the binary code to be analyzed. Using such an approach, even if a given executable program in the form of binary code is malicious, there are no data or other programs that can be impacted because, in the sandbox approach, the operating system is not supporting any other user functionality. Although the sandbox approach has certain advantages, it may be difficult, in a practical situation, to subject every piece of binary code to such a test. In any event, some malicious software might include code that does not actually perform malicious actions for days or even weeks, so that its malicious behavior is never observed during a sandbox run of practical duration. Accordingly, the sandbox approach has limitations.
There is therefore a need to provide tools for examining and analyzing binary code in an effort to identify potentially malicious software.